makekey

- generate encryption key

Synopsis

/usr/lib/makekey

Description

makekey improves the usefulness of encryption schemes that depend on a key
by increasing the amount of time required to search the key space.
It attempts to read 8 bytes for its key (the first eight
input bytes), then it attempts to read 2 bytes for its salt (the
last two input bytes). The output depends on the input in a
way intended to be difficult to compute (that is, to require a
substantial fraction of a second).

The first eight input bytes (the input key) can be arbitrary ASCII characters.
The last two (the salt) are best chosen from the set of
digits, ., /, upper- and lower-case letters. The salt characters are repeated as
the first two characters of the output. The remaining 11 output characters
are chosen from the same set as the salt and constitute
the output key.

The transformation performed is essentially the following: the salt is used
to select one of 4,096 cryptographic machines all based on the National
Bureau of Standards DES algorithm, but broken in 4,096 different ways. Using
the inputkey as key, a constant string is fed into the
machine and recirculated a number of times. The 64 bits that come
out are distributed into the 66 outputkey bits in the result.

makekey is intended for programs that perform encryption. Usually, its input and
output will be pipes.